EIP-2026-107339

This is a writeup describing two vulnerabilities in Galmeta Post CMS <= 0.2: a remote code execution via eval injection in adodb-perf-module.inc.php and an arbitrary file upload via FCKeditor. No functional exploit code is provided.